This service will be undergoing maintenance at 00:00 UTC, 2017-10-23 It is expected to last about 30 minutes
Bug 103336 - (u2d-ssl-cert-expire) up2date fails with ssl error
up2date fails with ssl error
Status: CLOSED CANTFIX
Product: Red Hat Linux
Classification: Retired
Component: up2date (Show other bugs)
8.0
i686 Linux
medium Severity high
: ---
: ---
Assigned To: Bret McMillan
Fanny Augustin
:
: 103339 103340 103343 103347 103357 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2003-08-28 20:10 EDT by Ed Griffin
Modified: 2007-04-18 12:57 EDT (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-10-18 12:20:18 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Ed Griffin 2003-08-28 20:10:49 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.5b) Gecko/20030814

Description of problem:
up2date fails with ssl error.

Coincidence that RHNS-CA-CERT has the following in the first cert entry?

       Validity
            Not Before: Aug 23 22:45:55 2000 GMT
            Not After : Aug 28 22:45:55 2003 GMT

Same cert found in Taroon with all updates as well as up2date package from RedHat 9.

Version-Release number of selected component (if applicable):
up2date-3.0.7.1-2

How reproducible:
Always

Steps to Reproduce:
1. run up2date
2.
3.
    

Actual Results:  There was an SSL error: [('SSL routines',
'SSL3_GET_SERVER_CERTIFICATE', 'certificate verify failed')]

Additional info:
Comment 1 Al Sera 2003-08-28 21:20:31 EDT
I am running RH Linux 9 and just started getting same error from the RNH applet
which goes into (?). Went all over the instructions on the RHN login web page
regarding SSL certificates and condition still remains. Running up2date-3.1.23.1-5.
Comment 2 Bill Nottingham 2003-08-29 01:13:56 EDT
*** Bug 103347 has been marked as a duplicate of this bug. ***
Comment 3 Bill Nottingham 2003-08-29 01:14:06 EDT
*** Bug 103343 has been marked as a duplicate of this bug. ***
Comment 4 Bill Nottingham 2003-08-29 01:14:16 EDT
*** Bug 103339 has been marked as a duplicate of this bug. ***
Comment 5 Bill Nottingham 2003-08-29 01:14:23 EDT
*** Bug 103340 has been marked as a duplicate of this bug. ***
Comment 6 Francesco Amelio 2003-08-29 06:52:04 EDT
I've the same problem.

Description of problem:
When i run:
up2date -u
i see the following output:
There was an SSL error: [('SSL 
routines', 'SSL3_GET_SERVER_CERTIFICATE', 'certificate verify failed')]

If i execute: 
openssl s_client -connect xmlrpc.rhn.redhat.com:443 -CAfile /usr/share/rhn/RHNS-
CA-CERT

The last line give:
Verify return code: 10 (Certificate has expired)

My system date is good but in /usr/share/rhn/RHNS-CA-CERT i see the expire date 
as follow:
Validity
Not Before: Aug 23 22:45:55 2000 GMT
Not After : Aug 28 22:45:55 2003 GMT

I think that all systems has this certificate date.

What's going on?

Comment 7 Mithun Bhattacharya 2003-08-29 07:29:31 EDT
I have a temporary solution for this. I ran up2date --configure and changed the
https URL to a http one and up2date is running fine after that.
Comment 8 Bill Nottingham 2003-08-29 08:53:50 EDT
*** Bug 103357 has been marked as a duplicate of this bug. ***
Comment 9 Al Sera 2003-08-29 09:07:17 EDT
I followed the advise of Comment #7, ran up2date, and found a new version of
up2date and up2date-gnome (3.1.23.2-1), perfomed the update, restarted my
applet, and life is good. I changed back to https from the temp solution before
restarting the applet.
Comment 10 Mark J. Cox (Product Security) 2003-08-29 11:52:12 EDT
See http://rhn.redhat.com/ for details of this issue and how to fix it.  

Or see our advisories directly at 
https://rhn.redhat.com/errata/RHSA-2003-267.html
and
https://rhn.redhat.com/errata/RHSA-2003-268.html
Comment 11 Shawn Walker 2003-08-31 17:14:31 EDT
Mark J. Cox, your advisories do not address this issue, even after installing
the updated RPM's I still receive this error. Something else is wrong. I even
manually updated the SSL certificate. The difference I suppose is this is a
system that I'm registering for the first time, it was not yet registered
*before* I updated 'up2date'.
Comment 12 Shawn Walker 2003-08-31 17:25:00 EDT
I should note that the problem was on a newly setup RedHat 8.0 box
Comment 13 Gabriel Schulhof 2003-08-31 23:11:02 EDT
I too have this problem.  I downloaded the new up2date packages (3.0.7.2-1) from
the security/bugfixes page whose URL was sent out in the "URGENT:[...]" email. 
After performing an rpm -Fvh, up2date continued to be b0rken with the same error.

I tried downloading the RHNS-CA-CERT file and performing install -b RHNS-CA-CERT
/usr/share/rhn as indicated, but that didn't fix the problem either.
Comment 14 curtis quisenberry 2003-09-03 10:32:03 EDT
Hi,

    I was able to update the up2date & up2date-gnome for Red Hat v9.0.  However,
I am also running Red Hat Linux (Severn) 9.0.93 - Beta.  Is there a similar
update for both packages available for the Severn Beta edition of Red Hat?

Thanks,
Curtis
Comment 15 John Joseph Bachir 2006-04-08 22:38:48 EDT
Check the file /etc/sysconfig/rhn/up2date.  There should be two lines that look like this

sslCACert[comment]=The CA cert used to verify the ssl server
sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT

In machines where up2date is broken, the second of these two lines is missing. Add that line and you fix 
the problem.
Comment 16 Bill Nottingham 2006-08-07 14:56:57 EDT
Red Hat Linux is no longer supported by Red Hat, Inc. If you are still
running Red Hat Linux, you are strongly advised to upgrade to a
current Fedora Core release or Red Hat Enterprise Linux or comparable.
Some information on which option may be right for you is available at
http://www.redhat.com/rhel/migrate/redhatlinux/.

Red Hat apologizes that these issues have not been resolved yet. We do
want to make sure that no important bugs slip through the cracks.
Please check if this issue is still present in a current Fedora Core
release. If so, please change the product and version to match, and
check the box indicating that the requested information has been
provided. Note that any bug still open against Red Hat Linux on will be
closed as 'CANTFIX' on September 30, 2006. Thanks again for your help.
Comment 17 Bill Nottingham 2006-10-18 12:20:18 EDT
Red Hat Linux is no longer supported by Red Hat, Inc. If you are still
running Red Hat Linux, you are strongly advised to upgrade to a
current Fedora Core release or Red Hat Enterprise Linux or comparable.
Some information on which option may be right for you is available at
http://www.redhat.com/rhel/migrate/redhatlinux/.

Closing as CANTFIX.

Note You need to log in before you can comment on or make changes to this bug.